• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-79

CVE-2022-26615

February 23, 2023 by godfreyd94

A cross-site scripting (XSS) vulnerability in College Website Content Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the User Profile Name text fields.

CVE-2022-26616

February 23, 2023 by godfreyd94

PKP Vendor Open Journal System v2.4.8 to v3.3.8 allows attackers to perform reflected cross-site scripting (XSS) attacks via crafted HTTP headers.

CVE-2022-26624

February 23, 2023 by godfreyd94

Bootstrap v3.1.11 and v3.3.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the Title parameter in /vendor/views/add_product.php.

CVE-2022-26644

February 23, 2023 by godfreyd94

Online Banking System Protect v1.0 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via parameters on user profile, system_info and accounts management.

CVE-2022-26494

February 23, 2023 by godfreyd94

An XSS was identified in the Admin Web interface of PrimeKey SignServer before 5.8.1. JavaScript code must be used in a worker name before a Generate CSR request. Only an administrator can update a worker name.

CVE-2022-26497

February 23, 2023 by godfreyd94

BigBlueButton Greenlight 2.11.1 allows XSS. A threat actor could have a username containing a JavaScript payload. The payload gets executed in the browser of the victim in the “Share room access” dialog if the victim has shared access to the particular room with the attacker previously.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 2008
  • Go to page 2009
  • Go to page 2010
  • Go to page 2011
  • Go to page 2012
  • Interim pages omitted …
  • Go to page 2216
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE